Nextcloud is a leading free, open source, web based office application, offering document sharing, contacts, calendar and much more. Webarchitects is a UK based co-operative which provides Nextcloud hosting on managed virtual servers.

Private Cloud Servers

There is no limit to the number of user accounts or groups that you can add
to your Nextcloud server. So, for example, if you run an organisation with a
small number of core staff and a large number of volunteers then our
Nextcloud hosting could work out cheaper than using corporate services such as G
Suite from Google or Office 365 from Microsoft as they charge per user
account.

Collaborative editing, video conferencing and chat

We provision Nextcloud servers using our public Ansible playbook with the
option to also install a TURN
server which enables the use of Nextcloud
Talk when end points are using NAT (most networks are these days). This provides
private, peer-to-peer voice and video calls between users on
desktops, laptops and phones. We can also install a Prosody XMPP server which allow the use of JavaScript XMPP Chat and other
XMPP chat clients.

We can optionally (given enough disk space and RAM, we would suggest a minimum of 2GB of RAM) also install the
Collabora Online app and
the Collabora Online
Development Edition Docker container, on the same server. This allows the
simultaneous editing of documents by multiple users using the WYSIWYG web based document
editor.

The Nextcloud Mail App
can be used to integrate with our email servers or your
own Mailcow server in order that users have one
interface to manage their whole office environment.

Nextcloud 10 £245 per month

General Data Protection Regulation (GDPR)

With our Nextcloud hosting you have your own, private server, as opposed Office 365 from Microsoft or G Suite (Google Docs etc.) where your data is stored on a shared server. This might be the best option for organisations
which need to comply with the General Data Protection Regulation (GDPR).

Using a free Public Cloud is certainly the worst idea you could have: do you have a clear proof that your customers consented to have their driving license uploaded on Google servers in the USA, with all the privacy and security concerns it implies? All US-based companies currently worry about GDPR, since they cannot ensure the “adequate level of protection” (General Data Protection Regulation, article 45).

Being GDPR-compliant starts with one requirement: knowing which data you have, where they are stored, and who has access to these data.

To ensure various levels of legal compliance, personal data must be stored in certain countries only.

Ensuring security of personal data is one of the most important requirements of GDPR: companies must evaluate their risks and mitigate them. Main requirements include:

encryption of data at rest, in transit and on the cloud. Your company alone must have the key. That already blocks most server-side encryption solutions and public clouds from usage: if you don’t encrypt the data first before sending it off, using Amazon S3, Google, Microsoft or other cloud services is very risky, especially in their free versions.

ability to retrieve personal data in case of accidental or non-accidental problems, from malicious attacks to ransomware issues. 2017 was the year of ransomware but there is no reason to assume the problem is solved in 2018.

the software used to manage data must be trustworthy. That is, verified, approved, certified or at least transparent enough (like open source).

All the disks that host our Sheffield based virtual
servers are encrypted, plus the disks that they are backed up to (we keep
30 days' worth of snapshots of the disks of our virtual servers).
In addition, for clients that require it, we can optionally use LUKS to
encrypt the data partitions of your disks. Clients can then replace
passphrases provided by us, and use their own passphrases so that we are not
able to decrypt the disks. If this is done, then clients need to decrypt their
disks with each reboot via the Xen shell.